ISO Lead Auditor
Listed on 2026-06-18
Security
Cybersecurity, Information Security
Houston, United States | Posted on 06/05/2026
Kerndell delivers expert technical staffing, staff augmentation, auditing, and quality assurance for the oil, gas & energy sector.
Job Description
ISO 27001 LEAD AUDITOR
Kerndell is seeking an experienced ISO 27001 Lead Auditor to support the delivery of information security management system (ISMS) audit services to clients across the energy, industrial, and technology sectors. This is a client‑facing, technically demanding role requiring demonstrated competency in ISO 27001:2022, audit program management, and the communication of findings to executive and operational stakeholders.
The ISO 27001 Lead Auditor will plan and execute first‑party, second‑party, and third‑party audits; produce audit‑ready deliverables aligned to Kerndell's quality standards; and contribute to the growth of Kerndell's information security service line.
The successful candidate will operate with a high degree of independence, maintain certifications in good standing, and represent Kerndell's brand with professionalism in all client interactions. This role is based in Houston, Texas, with client travel expected.
Responsibilities
- Plan, schedule, and lead Stage 1 (documentation review) and Stage 2 (on‑site or remote) audits against ISO 27001:2022 requirements.
- Develop audit plans, checklists, and sampling strategies proportionate to the client's risk profile and ISMS scope.
- Conduct opening and closing meetings; manage audit team activities and time.
- Execute audit interviews, document reviews, and process walk‑throughs to gather.
- Draft findings‑based audit reports written to Kerndell's document standards; verify corrective action closure prior to issuing final reports.
- Communicate findings and risk implications clearly to client personnel at all organizational levels.
- Serve as the primary Kerndell point of contact for assigned engagements; manage scope, expectations, and schedule adherence.
- ISO 27001 Lead Auditor certification from a recognized body (PECB, BSI, CQI/IRCA).
- Bachelor's degree in information technology, cybersecurity, computer science, engineering, or a related technical discipline. Equivalent experience may be considered where accompanied by a strong certification and professional track record.
- Minimum five years of progressive experience in information security, ISMS implementation, or IT audit roles.
- Minimum three years of direct ISO 27001 audit experience, including lead auditor responsibilities.
- Deep working knowledge of ISO 27001:2022 clauses and Annex A controls, including the 2022 control restructuring.
- Working knowledge of ISO 19011 audit methodology and evidence‑gathering principles.
- Working knowledge of at least one supplemental framework: NIST CSF, SOC 2 Trust Services Criteria, CIS Controls, or NIS 2.
- Demonstrated ability to produce technically accurate, findings‑based audit reports to a professional standard without extensive editing.
- Strong written English; US spelling and formatting standards required.
- ISO 9001:2015 or ISO 45001 Lead Auditor certification, demonstrating breadth across the ISO management system family.
- Experience in the energy, oil and gas, utilities, or industrial sectors.
- Familiarity with NERC CIP, IEC 62443, or other operational technology security frameworks.
- Prior consulting or professional services experience in a client‑facing delivery role.